Hi Kaviya,
The email address is not returned in the token exchange API response.
In the token exchange process, you can collect the authenticated ORCID iD, access tokens and the user's name. All this data is the one considered essential to work with the API.
The email address can be obtained by doing a get /email call or a get /record call:
However, getting an email address from ORCID records depends on the visibility settings: you will only be able to collect email addresses that are set with Public visibility settings.
Researcher control is one of ORCID’s core principles, so we would like to highlight the fact that the visibility settings of an ORCID record will always be in control of the ORCID record holder.
Please, do not request your users to change their email visibility settings to Public. This is not part of our recommended practices and we encourage you not to do that. You can enable a form field so that users can enter their email addresses instead.
I hope that this helps.
All best,